Just saw this on the Full Disclosure list...

This is the best phishing scam I've seen yet: http://www.bis1bp.com/a12/index.html

I have Windows Server 2003 fully patched and this works. The program fakes an address bar, so this would pass most people's safety check; after all, the address bar clearly has the correct address.

There are bugs in the code; for example, all your Internet Explorer windows will now have this address, but again, most people would only have one window open.
Pretty smart and very dirty scammers...

If you disable active scripting they can't fake the address bar... or if you have a Google toolbar (or similar), the script messes up and places the URL in the wrong place. Or, if you use a resolution other than 800x600 or 1024x768, the script will mess up again and append the faked address to the real address... Also, I've noticed that it carries over to things such as Outlook when the browser window is left open.

BTW: The box I tested this on is fully patched too.